US8713631B1 - System and method for detecting malicious code executed by virtual machine - Google Patents
System and method for detecting malicious code executed by virtual machine Download PDFInfo
- Publication number
- US8713631B1 US8713631B1 US13/767,391 US201313767391A US8713631B1 US 8713631 B1 US8713631 B1 US 8713631B1 US 201313767391 A US201313767391 A US 201313767391A US 8713631 B1 US8713631 B1 US 8713631B1
- Authority
- US
- United States
- Prior art keywords
- virtual machine
- exception
- process virtual
- program instructions
- context information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Definitions
- the invention relates generally to information processing and security and, more particularly, to detecting malicious software whose code is executed by a virtual machine.
- Exploits are the most dangerous of such threats.
- An exploit is a fragment of a program code or a sequence of commands which uses vulnerabilities in software and is used to attack a computer system. The danger lies not in the exploits themselves, but in the payload that they carry with them.
- the payload of an exploit is a functionality deployed by the offender, which, when a vulnerability is exploited on a system under attack, results in unauthorized activation of the functionality. Downloads of malicious software can be cited as an example of such functionality. Exploits can be used either independently, to test computer systems security, or together with malicious software.
- the first method involves elimination of the vulnerability used by the exploit.
- the second method involves using special tools for detecting the presence of exploits and stopping their activity. Such tools can be either built in the software itself (for example, the Java virtual machine security model) or provided externally.
- the first approach is reliable and addresses a root cause of the problem, but it has two significant drawbacks. For one, a rather long period of time passes from the moment the vulnerability is found to the moment the corrected software version is issued. The users of the vulnerable product remain unprotected throughout this period.
- Another drawback is that the first approach does not provide any protection from the so-called “zero day” vulnerabilities, i.e., threats that use an error or a vulnerability in the application or the operating system and arise immediately after the vulnerability is found, but before the relevant upgrade is issued.
- the second approach avoids these drawbacks, but its reliability depends on the quality of its technical realization, and it should be noted that such protection tools can themselves be vulnerable.
- the most widespread solutions which use this approach are detection of exploits using heuristic rules and signature analysis (e.g., analysis of whether the analyzed code is identical to samples of the code of known computer threats), and built-in virtual machine security tools.
- signatures is generally suitable for detection of known exploits.
- this solution will turn out to be useless.
- the heuristic analysis implementation does not have this deficiency, but it can be inefficient in cases where there is a more elaborate code modification (e.g., encryption/obfuscation), where there is a change of the malicious code's algorithm, or where techniques to avoid code emulation are deployed.
- code modification e.g., encryption/obfuscation
- a virtual machine is a software-based computing environment which runs on a hardware platform and operating system of a computer system.
- the virtual machine establishes a level of abstraction to achieve independence from the hardware platform on which the virtual machine is actually executed.
- Virtual machines have their own built-in security models. Special note should be given to the Java Virtual Machine (JVM) security model; which has four components: a class file verifier, a class loader, a security manager and the JVM architecture itself. Since Java byte code can be interpreted, it is possible to control an array indexes making it possible to avoid buffer overflows, which represent the most typical and dangerous type of software execution error.
- JVM Java Virtual Machine
- There are also built-in mechanisms for processing exceptions allow to efficiently solve arising conflicts, while a trash collector cleans unused memory, preventing the offender from viewing the “trash” memory blocks, which may contain useful information.
- the security manager the most important element in the security model for JVM, is a component which grants rights to applications, in accordance with the established security policy. If a situation arises where an application attempts to perform a privileged operation, the security manager checks the application's rights and determines the legitimacy of such behavior.
- the default security manager is the Java-class java.lang.SecurityManager; which includes several methods for checking operations critical to the security policy.
- One aspect of the invention is directed to an automated computer-implemented method for protecting against a malicious set of program instructions that are executable by a process virtual machine.
- the process virtual machine comprises program instructions executable on a computer system having a hardware platform and an operating system.
- the method includes:
- a system for protecting against malicious functionality of a subject set of program instructions includes a computer system having a hardware platform and an operating system executable on the hardware platform.
- a process virtual machine module is executable on the computer system and, when executed, forms a virtual execution environment in which the subject set of program instructions are executable.
- a control module is executable on the computer system that augments the process virtual machine to insert an exception monitoring module therein.
- the exception monitoring module is configured to detect an exception occurring as a result of execution of the subject set of program instructions, with the exception representing an occurrence of an event determined as having potential to violate a predefined security policy. In response to a detection of an occurrence of the exception, the exception monitoring module gathers context information representing circumstances surrounding the occurrence of the exception.
- the context information is provided to be subjected to analysis for a presence of the malicious code (e.g., to an analysis module that can be executing locally or remotely relative to the computer system.
- the exception monitoring module determines, based on a result of the analysis, whether to permit further execution of the subject set of program instructions by the process virtual machine.
- FIG. 1 is a flow diagram illustrating a method for detecting threats in a piece of software code to be executed by a virtual machine according to one embodiment of the invention.
- FIG. 2 is a block diagram depicting an example of a system for detecting threats posed by a piece of software code to be executed by a virtual machine according to one embodiment of the invention.
- FIG. 3 is a block diagram depicting an example embodiment of a system for detecting threats in a piece of code executed by a virtual machine that is a augmentation of Java Virtual Machine (JVM).
- JVM Java Virtual Machine
- FIG. 4 is a listing of a Java Virtual Machine's call stack, from which information is collected for analysis as part of the operation of the embodiment of FIG. 3 .
- FIG. 5 is a block diagram depicting a general-purpose computer system on which aspects of the invention can be implemented.
- the system and method of the invention are implemented, and carried out, respectively, using computer machinery.
- the computer-implemented system can be implemented in one physical machine, or can be distributed among multiple physical machines, such as by role or function, or by process thread in the case of a cloud computing distributed model.
- aspects of the invention can be configured to run in system virtual machines that in turn are executed on one or more physical machines. It will be understood by persons of skill in the art that features of the invention may be realized by a variety of different suitable machine implementations.
- aspects of the invention are directed to checking the virtual machine and the code that it interprets.
- process virtual machines also known as application virtual machines, which serve to provide an application execution environment, such as a Java Virtual Machine (JVM), or the Common Language Runtime (CLR).
- JVM Java Virtual Machine
- CLR Common Language Runtime
- FIG. 1 depicts an algorithm for detecting a presence of malicious piece of code, such as a harmful program, applet, or the like, or an infected portion of an otherwise benign program in a subject set of program instructions executable by a virtual machine.
- the virtual machine's program code is augmented by an automated augmentation process.
- the augmentation process is executed on the same computer system on which the virtual machine executes.
- the augmentation process inserts a specialized supplemental code into the virtual machine's program instructions. This supplemental code adds functionality for checking the execution of the code by the virtual machine, tracking virtual machine events, stopping the operation of the virtual machine, starting or re-starting the operation, etc.
- the supplemental code according to this embodiment is particularized to the specific type of virtual machine that it augments.
- the virtual machine's exceptions are tracked. Events occurring in the course of operation of the virtual machine during execution of the subject program code are checked at 103 to determine if they constitute an exception; if an event caused by the virtual machine is an exception, the virtual machine's operation will be suspended at 104 .
- exceptions in the present context refers to critical events that have the potential to cause violations of the rules set by the security policy.
- the applicable security policy can be defined by any suitable technique, e.g., in the augmentation code, or elsewhere in the configuration file(s) of a security application, operating system, etc.
- the analysis of the circumstances surrounding the exception is performed through comparison of the information indicating the circumstances surrounding the exception at 105 with a template (for example, comparison of the call stack preceding the exception with the call stack listed in the template). The analysis is performed with the purpose of detecting a threat in the code that caused the exception.
- Decision 107 tests whether the code contains a threat and, if the case is affirmative, the execution of the code by the virtual machine will be terminated at 108 ; on the other hand, if the code is safe, the virtual machine will be allowed to continue operation. Accordingly, at 109 , the virtual machine is started again.
- FIG. 2 is a high-level diagram illustrating a virtual machine and a protection mechanism added to it according to one embodiment that includes a specialized monitoring module operatively coupled with an analysis module.
- module as used herein means a real-world device, component, or arrangement of components implemented using hardware, such as by an application specific integrated circuit (ASIC) or field-programmable gate array (FPGA), for example, or as a combination of hardware and software, such as by a microprocessor-based system and a set of program instructions stored in a non-transitory storage medium that configure the microprocessor-based system to implement the particular functionality, which (while being executed) transform the microprocessor system into a special-purpose device for carrying out the module's stated functionality.
- ASIC application specific integrated circuit
- FPGA field-programmable gate array
- a module can also be implemented as a combination of the two, with certain functions facilitated by hardware alone, and other functions facilitated by a combination of hardware and software.
- at least a portion, and in some cases, all, of a module can be executed on the processor(s) of one or more computers that execute an operating system, system programs, and application programs, while also implementing the module using multitasking, multithreading, distributed (e.g., cloud) processing where appropriate, or other such techniques.
- each module can be realized in a variety of suitable configurations, and should generally not be limited to any particular implementation exemplified herein, unless such limitations are expressly called out or clearly implied from the context in which the term appears. Indeed, the virtual machine may itself be regarded as a module.
- monitoring module 201 is incorporated in the code (i.e., program instructions) of virtual machine 203 .
- Monitoring module 201 tracks exceptions that occur during operation of the virtual machine 203 as it executes the code of a subject set of program instructions and, if exceptions occur, monitoring module 201 collects exception context information about the circumstances surrounding the exception, and then transfers the collected information to analysis module 202 .
- the analysis module 202 is implemented in this embodiment as a distinct module from virtual machine 203 .
- Analysis module 202 in various embodiments, can be realized as an application program (or component thereof) that runs natively in the operating system, in a separate virtual execution environment, on a remote computer system (e.g., security server), or in distributed fashion on multiple different computer systems, e.g., in a cloud computing model.
- Analysis module 202 compares the received context with a set of one or more templates contained in a regularly-updated database 204 . Each template represents a pattern of events associated with malicious activity. Based on the comparison, the analysis module 202 makes a decision regarding the safety of the code that caused the exception and reports the conclusion to monitoring module 201 .
- the monitoring module 201 depending on the decision by the analysis module 202 , either allows the virtual machine 203 to continue execution of the code, or terminates its operation.
- FIG. 3 is a block diagram of a particular realization of the invention according to one embodiment in which the program code of JVM 302 is augmented by supplemental code that implements monitoring module 201 in the address space of virtual machine 302 in order to detect threats.
- the insertion of the supplemental code to JVM 302 is performed by control module 303 , which is persistently loaded in the system and tracks the start of the virtual machine's operation.
- control module 303 augments the virtual machine's code by inserting a specialized monitoring module 201 into the JVM.
- monitoring module 201 is realized as an added extension to an existing built-in security manager 301 .
- Built-in security manager 301 can be of a conventional type, i.e., having drawbacks such as those identified above.
- the monitoring module 201 tracks the exceptions that typically occur in as a result of execution of malicious code (access to file system, communications over a network, etc.) and, if such an exception occurs, sends the circumstances surrounding the exception to analysis module 202 via control module 303 .
- Analysis module 202 makes a determination as to the safety of the behavior of the code which caused the exception based on the analysis of the data received from the monitoring module 201 . If the behavior is deemed to be malicious, the control module 303 instructs the monitoring module 201 to end the execution of the code. In order to make the determination of maliciousness, a comparison is carried out by the analysis module 202 using templates contained in regularly-updated updated database 204 .
- the above-described system can be used to detect exploits—for example, those that use the CVE-2011-3544 vulnerability.
- This vulnerability is based on an error in the class sun.org.mozilla.javascript.internal.NativeError. Exploitation of this vulnerability allows the offender to execute an arbitrary code on a remote machine.
- the JVM code is first augmented by function overloading the checkPermission and checkExec methods of the java.lang.SecurityManager class. Injection of the augmentation code into the JVM can be performed using -Xbootclasspath/p: ⁇ path> parameter of JAVA.EXE.
- this approach overrides standard implementation.
- adding this option pointing to java2sw.jar file overrides the standard SecurityManager implementation with an extended version.
- the augmentation code is injected into a JAVA.EXE process each time it is executed as part of a Java. For example, if JVM is executed as a plugin, the injection of augmentation code can be made in response to detection of the start of the Java plugin.
- Monitoring module 201 tracks the exception typical for a code exploiting this vulnerability—for example, an attempt to disable a protected execution environment (i.e., sandbox), which can be observed as a setSecurityManager event, for example. If such an event occurs, the execution of the code by the virtual machine will be stopped, and monitoring module 201 will collect information on the exception's context, including the call stack of the current thread, an example of which is provided in FIG. 4 . All collected information is sent to the analysis module 202 , which contains a stack frame analysis rule for detection of threats that use the CVE-2011-3544 vulnerability.
- a protected execution environment i.e., sandbox
- a stack frame is sent to the analysis module's input; the stack frame is checked for a call for methods typical for the above-described threat, namely, the java.lang.System.setSecurityManager and sun.org.mozilla.javascript.internal.NativeError.toString methods.
- the control module 303 sends a command to the monitoring module to stop the operation of the virtual machine.
- the analysis system instead of using the updated database for the evaluation of the code under examination, may perform detection based on rigidly set templates.
- the augmentation of the virtual machine may be performed before the virtual machine is loaded into the memory for execution (for example, when the virtual machine code is still stored in a non-volatile storage medium such as a hard drive).
- monitoring module 201 is used to collect statistical information on the detected threats; and this information is be used to fill the database 204 .
- FIG. 5 is a block diagram illustrating an exemplary general-purpose computer system on which one or more functional modules of the system can be implemented.
- Personal computer or server 520 includes a hardware platform that includes a processor 521 , system memory 522 and system bus 523 , which contains various system components, including memory associated with processor 521 .
- the system bus 523 is implemented as any known in bus structure, including a bus memory, bus memory controller, peripheral bus and local bus, which can interact with any other bus architecture.
- System memory includes read only memory (ROM) 524 , and random access memory (RAM) 525 .
- BIOS Basic input/output system
- BIOS Basic input/output system
- the personal computer 520 contains a hard drive 527 for reading and writing, magnetic disk drive 528 for reading and writing to removable magnetic disk 529 and an optical drive 530 for reading and writing to removable optical disk 531 , such as CD-ROM, DVD-ROM or other optical media.
- the hard disk drive 527 , magnetic disk drive 528 , optical drive 530 are all connected to the system bus 523 via the hard disk interface 532 , magnetic disk drive interface 533 and an optical drive interface 534 , respectively.
- Drives and the corresponding computer storage media are non-transitory, and non-volatile storage means of computer instructions, data structures, program modules and other data of a personal computer 520 .
- Some of the software modules are stored on a hard disk, magnetic disk 529 , optical disk 531 , ROM 524 or RAM 525 .
- a computer 520 has a file system 536 , which stores the operating system 535 and additional software applications 537 , other program modules 538 and program data 539 .
- the user has the ability to enter commands and information into a personal computer 520 through input devices (keyboard 540 , Mouse 542 ).
- Other input devices may be (not shown): microphone, joystick, game console, satellite dish, scanner, etc.
- Such an input device are usually connected to the processor 521 through a serial port 546 , which in turn is connected to the system bus, but may be connected by other means, such as a parallel port, game port or universal serial bus (USB).
- a monitor 547 or other type of display device is also connected to the system bus 523 via an interface such as a video adapter 548 .
- personal computer can be equipped with other peripheral output devices (not shown), such as speakers and printer, etc.
- Personal computer 520 generally operates in a networked environment, using a logical connection to one or more remote computers 549 .
- a remote computer (or computers) 549 is/are the same as personal computers, servers, routers, network stations, peering devices or another network host, and usually, have most or all of the elements previously described in the description of the substance of a personal computer 520 , shown in FIG. 5 , but only as a storage device 550 with applications 537 .
- Logical connections include a local area network (LAN) 551 and wide area network (WAN) 552 , such networks are common office equipment, and are also used in corporate computer networks, company intranets and the Internet.
- LAN local area network
- WAN wide area network
- a personal computer 520 When using LAN networks, a personal computer 520 is connected to LAN 551 via a network adapter or interface 553 .
- personal computer 520 When using the WAN networking, personal computer 520 has a modem 554 or other means of communication with the global computer network 552 , such as the Internet.
- a modem 554 which may be internal or external, is connected to the system bus 523 via a serial port 546 .
- software modules of exposed personal computers 520 or parts of such programs, are stored in remote storage devices. It should be pointed out that the network connections are merely illustrative and are not required to display the exact network configuration, network, i.e., in fact, there are other ways of establishing a logical connection, other technical means of communication of one computer to another.
- aspects of the invention may be implemented using a computer system that is a subset of the general-purpose computer system described above.
- the computer system may be a blade server having a relatively limited set of input/output facilities.
- the computer system may also be implemented as an embedded system operating on a microcontroller digital signal processor, application-specific integrated circuit, field programmable gate array, or the like, provided that the system includes sufficient input/output facilities to enable it to interface with a subject computer system being managed or with other computing devices.
Abstract
Description
-
- augmenting, by an automated augmentation process executing on the computer system, the program instructions of the process virtual machine to establish an exception monitoring module within the process virtual machine;
- executing, via the process virtual machine, the subject set of program instructions;
- detecting, by the exception monitoring module, an exception occurring as a result of the execution of the subject set of program instructions, wherein the exception represents an occurrence of an event determined as having potential to violate a predefined security policy;
- in response to a detection of an occurrence of the exception, gathering, by the exception monitoring module, context information from the process virtual machine, the context information representing circumstances surrounding the occurrence of the exception;
- providing, by the exception monitoring module, the context information to be subjected to analysis for a presence of the malicious set or program instructions; and
- determining, by the exception monitoring module, based on a result of the analysis, whether to permit further execution of the subject set of program instructions by the process virtual machine.
Claims (23)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2012156443/08A RU2522019C1 (en) | 2012-12-25 | 2012-12-25 | System and method of detecting threat in code executed by virtual machine |
RU2012156443 | 2012-12-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
US8713631B1 true US8713631B1 (en) | 2014-04-29 |
Family
ID=49112613
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/767,391 Active US8713631B1 (en) | 2012-12-25 | 2013-02-14 | System and method for detecting malicious code executed by virtual machine |
Country Status (5)
Country | Link |
---|---|
US (1) | US8713631B1 (en) |
CN (1) | CN103593608B (en) |
DE (1) | DE202013102179U1 (en) |
FR (1) | FR3000249B3 (en) |
RU (1) | RU2522019C1 (en) |
Cited By (182)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140282832A1 (en) * | 2013-03-15 | 2014-09-18 | Intel Corporation | Method, apparatus, system, and computer readable medium for providing apparatus security |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US20150089652A1 (en) * | 2013-07-15 | 2015-03-26 | Eset, Spol. S R. O. | Methods of detection of software exploitation |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9009822B1 (en) * | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US20150278515A1 (en) * | 2014-03-27 | 2015-10-01 | International Business Machines Corporation | Monitoring an application in a process virtual machine |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US20160021142A1 (en) * | 2014-07-17 | 2016-01-21 | Check Point Advanced Threat Prevention Ltd | Automatic content inspection system for exploit detection |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9282109B1 (en) | 2004-04-01 | 2016-03-08 | Fireeye, Inc. | System and method for analyzing packets |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9306960B1 (en) | 2004-04-01 | 2016-04-05 | Fireeye, Inc. | Systems and methods for unauthorized activity defense |
US9306974B1 (en) | 2013-12-26 | 2016-04-05 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
WO2016105860A1 (en) * | 2014-12-23 | 2016-06-30 | Mcafee, Inc. | Execution profiling detection of malicious objects |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9438622B1 (en) | 2008-11-03 | 2016-09-06 | Fireeye, Inc. | Systems and methods for analyzing malicious PDF network content |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9628498B1 (en) | 2004-04-01 | 2017-04-18 | Fireeye, Inc. | System and method for bot detection |
US20170124319A1 (en) * | 2015-10-29 | 2017-05-04 | International Business Machines Corporation | Using call stack snapshots to detect anomalous computer behavior |
US9661018B1 (en) | 2004-04-01 | 2017-05-23 | Fireeye, Inc. | System and method for detecting anomalous behaviors using a virtual machine environment |
US9672354B2 (en) | 2014-08-18 | 2017-06-06 | Bitdefender IPR Management Ltd. | Systems and methods for exposing a result of a current processor instruction upon exiting a virtual machine |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
WO2017109128A1 (en) * | 2015-12-24 | 2017-06-29 | British Telecommunications Public Limited Company | Detecting malicious software |
WO2017109129A1 (en) * | 2015-12-24 | 2017-06-29 | British Telecommunications Public Limited Company | Software security |
US20170201490A1 (en) * | 2016-01-08 | 2017-07-13 | Secureworks Holding Corporation | Systems and Methods for Secure Containerization |
WO2017127850A1 (en) * | 2016-01-24 | 2017-07-27 | Hasan Syed Kamran | Computer security based on artificial intelligence |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US9817638B2 (en) * | 2013-12-27 | 2017-11-14 | Symantec Corporation | Systems and methods for injecting code into an application |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US9838416B1 (en) | 2004-06-14 | 2017-12-05 | Fireeye, Inc. | System and method of detecting malicious content |
US9910988B1 (en) | 2013-09-30 | 2018-03-06 | Fireeye, Inc. | Malware analysis in accordance with an analysis plan |
US9923919B2 (en) | 2013-03-15 | 2018-03-20 | Shape Security, Inc. | Safe intelligent content modification |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9973519B2 (en) | 2013-03-15 | 2018-05-15 | Shape Security, Inc. | Protecting a server computer by detecting the identity of a browser on a client computer |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US10027690B2 (en) | 2004-04-01 | 2018-07-17 | Fireeye, Inc. | Electronic message analysis for malware detection |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10044753B2 (en) | 2014-01-20 | 2018-08-07 | Shape Security, Inc. | Intercepting and supervising calls to transformed operations and objects |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10068091B1 (en) | 2004-04-01 | 2018-09-04 | Fireeye, Inc. | System and method for malware containment |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US10089216B2 (en) | 2014-06-30 | 2018-10-02 | Shape Security, Inc. | Automatically determining whether a page of a web site is broken despite elements on the page that may change |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US10165000B1 (en) | 2004-04-01 | 2018-12-25 | Fireeye, Inc. | Systems and methods for malware attack prevention by intercepting flows of information |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10187408B1 (en) * | 2014-04-17 | 2019-01-22 | Shape Security, Inc. | Detecting attacks against a server computer based on characterizing user interactions with the client computing device |
US10193909B2 (en) | 2013-03-15 | 2019-01-29 | Shape Security, Inc. | Using instrumentation code to detect bots or malware |
US10205742B2 (en) | 2013-03-15 | 2019-02-12 | Shape Security, Inc. | Stateless web content anti-automation |
US10212137B1 (en) | 2014-01-21 | 2019-02-19 | Shape Security, Inc. | Blind hash compression |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10230718B2 (en) | 2015-07-07 | 2019-03-12 | Shape Security, Inc. | Split serving of computer code |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10284574B1 (en) | 2004-04-01 | 2019-05-07 | Fireeye, Inc. | System and method for threat detection and identification |
US10333924B2 (en) | 2014-07-01 | 2019-06-25 | Shape Security, Inc. | Reliable selection of security countermeasures |
US10341365B1 (en) | 2015-12-30 | 2019-07-02 | Fireeye, Inc. | Methods and system for hiding transition events for malware detection |
US10356121B2 (en) * | 2013-05-31 | 2019-07-16 | Catbird Networks, Inc. | Systems and methods for dynamic network security control and configuration |
US10367903B2 (en) | 2015-05-21 | 2019-07-30 | Shape Security, Inc. | Security systems for mitigating attacks from a headless browser executing on a client computer |
US10375026B2 (en) | 2015-10-28 | 2019-08-06 | Shape Security, Inc. | Web transaction status tracking |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US10432649B1 (en) | 2014-03-20 | 2019-10-01 | Fireeye, Inc. | System and method for classifying an object based on an aggregated behavior results |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10528726B1 (en) | 2014-12-29 | 2020-01-07 | Fireeye, Inc. | Microvisor-based malware detection appliance architecture |
US10554777B1 (en) | 2014-01-21 | 2020-02-04 | Shape Security, Inc. | Caching for re-coding techniques |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10567419B2 (en) | 2015-07-06 | 2020-02-18 | Shape Security, Inc. | Asymmetrical challenges for web security |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10637880B1 (en) | 2013-05-13 | 2020-04-28 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10659498B2 (en) | 2016-01-08 | 2020-05-19 | Secureworks Corp. | Systems and methods for security configuration |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10701091B1 (en) | 2013-03-15 | 2020-06-30 | Fireeye, Inc. | System and method for verifying a cyberthreat |
CN111382440A (en) * | 2018-12-27 | 2020-07-07 | 北京奇虎科技有限公司 | CPU vulnerability detection method and system based on virtual machine |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
CN111444508A (en) * | 2018-12-27 | 2020-07-24 | 北京奇虎科技有限公司 | CPU bug detection device and method based on virtual machine |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10728263B1 (en) | 2015-04-13 | 2020-07-28 | Fireeye, Inc. | Analytic-based security monitoring system and method |
US10733295B2 (en) | 2014-12-30 | 2020-08-04 | British Telecommunications Public Limited Company | Malware detection in migrated virtual machines |
US10740456B1 (en) | 2014-01-16 | 2020-08-11 | Fireeye, Inc. | Threat-aware architecture |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US10848521B1 (en) | 2013-03-13 | 2020-11-24 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
EP2881881B1 (en) * | 2013-12-05 | 2021-02-17 | McAfee, LLC | Machine-readable medium, method and system for detecting java sandbox escaping attacks based on java bytecode instrumentation and java method hooking |
US10929266B1 (en) | 2013-02-23 | 2021-02-23 | Fireeye, Inc. | Real-time visual playback with synchronous textual analysis log display and event/time indexing |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US11153341B1 (en) | 2004-04-01 | 2021-10-19 | Fireeye, Inc. | System and method for detecting malicious network content using virtual environment components |
US11159549B2 (en) | 2016-03-30 | 2021-10-26 | British Telecommunications Public Limited Company | Network traffic threat identification |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11194901B2 (en) | 2016-03-30 | 2021-12-07 | British Telecommunications Public Limited Company | Detecting computer security threats using communication characteristics of communication protocols |
US11200080B1 (en) | 2015-12-11 | 2021-12-14 | Fireeye Security Holdings Us Llc | Late load technique for deploying a virtualization layer underneath a running operating system |
US11201876B2 (en) | 2015-12-24 | 2021-12-14 | British Telecommunications Public Limited Company | Malicious software identification |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11244056B1 (en) | 2014-07-01 | 2022-02-08 | Fireeye Security Holdings Us Llc | Verification of trusted threat-aware visualization layer |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11295021B2 (en) * | 2016-10-04 | 2022-04-05 | Hewlett-Packard Development Company, L.P. | Using a threat model to monitor host execution in a virtualized environment |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US11381578B1 (en) | 2009-09-30 | 2022-07-05 | Fireeye Security Holdings Us Llc | Network-based binary file extraction and analysis for malware detection |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11411805B1 (en) | 2021-07-12 | 2022-08-09 | Bank Of America Corporation | System and method for detecting root cause of an exception error in a task flow in a distributed network |
US11423144B2 (en) | 2016-08-16 | 2022-08-23 | British Telecommunications Public Limited Company | Mitigating security attacks in virtualized computing environments |
US11438251B1 (en) | 2022-02-28 | 2022-09-06 | Bank Of America Corporation | System and method for automatic self-resolution of an exception error in a distributed network |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11562076B2 (en) | 2016-08-16 | 2023-01-24 | British Telecommunications Public Limited Company | Reconfigured virtual machine to mitigate attack |
US11586733B2 (en) | 2014-12-30 | 2023-02-21 | British Telecommunications Public Limited Company | Malware detection |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US20230195881A1 (en) * | 2021-12-16 | 2023-06-22 | Hewlett-Packard Development Company, L.P. | Virtual machines to install untrusted executable codes |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11892937B2 (en) | 2022-02-28 | 2024-02-06 | Bank Of America Corporation | Developer test environment with containerization of tightly coupled systems |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102014201592A1 (en) | 2014-01-29 | 2015-07-30 | Siemens Aktiengesellschaft | Methods and apparatus for detecting autonomous, self-propagating software |
CN104461832B (en) * | 2015-01-07 | 2017-09-12 | 浪潮(北京)电子信息产业有限公司 | A kind of method and device for monitoring application server resource |
RU2634211C1 (en) | 2016-07-06 | 2017-10-24 | Общество с ограниченной ответственностью "Траст" | Method and system of protocols analysis of harmful programs interaction with control centers and detection of computer attacks |
RU2649793C2 (en) | 2016-08-03 | 2018-04-04 | ООО "Группа АйБи" | Method and system of detecting remote connection when working on web resource pages |
RU2634209C1 (en) | 2016-09-19 | 2017-10-24 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | System and method of autogeneration of decision rules for intrusion detection systems with feedback |
RU2637477C1 (en) | 2016-12-29 | 2017-12-04 | Общество с ограниченной ответственностью "Траст" | System and method for detecting phishing web pages |
RU2671991C2 (en) | 2016-12-29 | 2018-11-08 | Общество с ограниченной ответственностью "Траст" | System and method for collecting information for detecting phishing |
RU2689816C2 (en) | 2017-11-21 | 2019-05-29 | ООО "Группа АйБи" | Method for classifying sequence of user actions (embodiments) |
RU2677361C1 (en) | 2018-01-17 | 2019-01-16 | Общество с ограниченной ответственностью "Траст" | Method and system of decentralized identification of malware programs |
RU2677368C1 (en) | 2018-01-17 | 2019-01-16 | Общество С Ограниченной Ответственностью "Группа Айби" | Method and system for automatic determination of fuzzy duplicates of video content |
RU2668710C1 (en) | 2018-01-17 | 2018-10-02 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Computing device and method for detecting malicious domain names in network traffic |
RU2680736C1 (en) * | 2018-01-17 | 2019-02-26 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Malware files in network traffic detection server and method |
RU2676247C1 (en) | 2018-01-17 | 2018-12-26 | Общество С Ограниченной Ответственностью "Группа Айби" | Web resources clustering method and computer device |
RU2681699C1 (en) | 2018-02-13 | 2019-03-12 | Общество с ограниченной ответственностью "Траст" | Method and server for searching related network resources |
RU2708508C1 (en) | 2018-12-17 | 2019-12-09 | Общество с ограниченной ответственностью "Траст" | Method and a computing device for detecting suspicious users in messaging systems |
RU2701040C1 (en) | 2018-12-28 | 2019-09-24 | Общество с ограниченной ответственностью "Траст" | Method and a computer for informing on malicious web resources |
SG11202101624WA (en) | 2019-02-27 | 2021-03-30 | Group Ib Ltd | Method and system for user identification by keystroke dynamics |
RU2728497C1 (en) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for determining belonging of software by its machine code |
RU2728498C1 (en) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for determining software belonging by its source code |
RU2743974C1 (en) | 2019-12-19 | 2021-03-01 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | System and method for scanning security of elements of network architecture |
SG10202001963TA (en) | 2020-03-04 | 2021-10-28 | Group Ib Global Private Ltd | System and method for brand protection based on the search results |
CN112019506B (en) * | 2020-07-28 | 2023-04-18 | 杭州安恒信息技术股份有限公司 | Phishing mail detection method based on behavior recognition, electronic device and medium |
RU2743619C1 (en) | 2020-08-06 | 2021-02-20 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Method and system for generating the list of compromise indicators |
CN112822291A (en) * | 2021-02-07 | 2021-05-18 | 国网福建省电力有限公司电力科学研究院 | Monitoring method and device for industrial control equipment |
US11947572B2 (en) | 2021-03-29 | 2024-04-02 | Group IB TDS, Ltd | Method and system for clustering executable files |
CN113806750B (en) * | 2021-09-24 | 2024-02-23 | 深信服科技股份有限公司 | File security risk detection method, training method, device and equipment of model |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997027536A1 (en) | 1996-01-24 | 1997-07-31 | Sun Microsystems, Inc. | Instruction folding for a stack-based machine |
US20050076186A1 (en) | 2003-10-03 | 2005-04-07 | Microsoft Corporation | Systems and methods for improving the x86 architecture for processor virtualization, and software systems and methods for utilizing the improvements |
US7007301B2 (en) | 2000-06-12 | 2006-02-28 | Hewlett-Packard Development Company, L.P. | Computer architecture for an intrusion detection system |
US7263690B1 (en) | 2003-11-14 | 2007-08-28 | Sun Microsystems, Inc. | Mechanism for safe byte code in a tracing framework |
US20090320011A1 (en) | 2008-06-20 | 2009-12-24 | Vmware, Inc. | Accelerating replayed program execution to support decoupled program analysis |
US20100122343A1 (en) | 2008-09-12 | 2010-05-13 | Anup Ghosh | Distributed Sensor for Detecting Malicious Software |
US20100257608A1 (en) | 2009-04-07 | 2010-10-07 | Samsung Electronics Co., Ltd. | Apparatus and method for preventing virus code execution |
US20110197256A1 (en) | 2009-12-18 | 2011-08-11 | Assured Information Security, Inc. | Methods for securing a processing system and devices thereof |
US20110219447A1 (en) | 2010-03-08 | 2011-09-08 | Vmware, Inc. | Identification of Unauthorized Code Running in an Operating System's Kernel |
US8201246B1 (en) | 2008-02-25 | 2012-06-12 | Trend Micro Incorporated | Preventing malicious codes from performing malicious actions in a computer system |
US8225317B1 (en) | 2009-04-17 | 2012-07-17 | Symantec Corporation | Insertion and invocation of virtual appliance agents through exception handling regions of virtual machines |
US8239939B2 (en) | 2005-07-15 | 2012-08-07 | Microsoft Corporation | Browser protection module |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2378535A (en) * | 2001-08-06 | 2003-02-12 | Ibm | Method and apparatus for suspending a software virtual machine |
US20030229794A1 (en) * | 2002-06-07 | 2003-12-11 | Sutton James A. | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
CN102750475B (en) * | 2012-06-07 | 2017-08-15 | 中国电子科技集团公司第三十研究所 | Malicious code behavioral value method and system are compared based on view intersection inside and outside virtual machine |
-
2012
- 2012-12-25 RU RU2012156443/08A patent/RU2522019C1/en active
-
2013
- 2013-02-14 US US13/767,391 patent/US8713631B1/en active Active
- 2013-05-10 FR FR1354230A patent/FR3000249B3/en not_active Expired - Lifetime
- 2013-05-17 DE DE201320102179 patent/DE202013102179U1/en not_active Expired - Lifetime
- 2013-12-03 CN CN201310642107.1A patent/CN103593608B/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997027536A1 (en) | 1996-01-24 | 1997-07-31 | Sun Microsystems, Inc. | Instruction folding for a stack-based machine |
US7007301B2 (en) | 2000-06-12 | 2006-02-28 | Hewlett-Packard Development Company, L.P. | Computer architecture for an intrusion detection system |
US20050076186A1 (en) | 2003-10-03 | 2005-04-07 | Microsoft Corporation | Systems and methods for improving the x86 architecture for processor virtualization, and software systems and methods for utilizing the improvements |
US7263690B1 (en) | 2003-11-14 | 2007-08-28 | Sun Microsystems, Inc. | Mechanism for safe byte code in a tracing framework |
US8239939B2 (en) | 2005-07-15 | 2012-08-07 | Microsoft Corporation | Browser protection module |
US8201246B1 (en) | 2008-02-25 | 2012-06-12 | Trend Micro Incorporated | Preventing malicious codes from performing malicious actions in a computer system |
US20090320011A1 (en) | 2008-06-20 | 2009-12-24 | Vmware, Inc. | Accelerating replayed program execution to support decoupled program analysis |
US20100122343A1 (en) | 2008-09-12 | 2010-05-13 | Anup Ghosh | Distributed Sensor for Detecting Malicious Software |
US20100257608A1 (en) | 2009-04-07 | 2010-10-07 | Samsung Electronics Co., Ltd. | Apparatus and method for preventing virus code execution |
US8225317B1 (en) | 2009-04-17 | 2012-07-17 | Symantec Corporation | Insertion and invocation of virtual appliance agents through exception handling regions of virtual machines |
US20110197256A1 (en) | 2009-12-18 | 2011-08-11 | Assured Information Security, Inc. | Methods for securing a processing system and devices thereof |
US20110219447A1 (en) | 2010-03-08 | 2011-09-08 | Vmware, Inc. | Identification of Unauthorized Code Running in an Operating System's Kernel |
Non-Patent Citations (4)
Title |
---|
"Java and Java Virtual Machine security vulnerabilities and their exploitation techniques" presented by The Last Stage of Delirium Research Group. Poland. http://LSD-PLaNet. Black Hat Briefings. Singapore. Oct. 3-4, 2002. |
Chiueh et al., "Stealthy Deployment and Execution of In-Guest Kernel Agents", Symantec Research Labs. Jun. 2009. |
Payne et al., "Lares: An Architecture for Secure Active Monitoring Using Virtualization". Georgia Institute of Technology. Atlanta, Georgia. Mar. 2008. |
Sharif et al., "Secure In-VM Monitoring Using Hardware Virtualization" Georgia Institute of Technology. Nov. 9-13, 2009. |
Cited By (283)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9661018B1 (en) | 2004-04-01 | 2017-05-23 | Fireeye, Inc. | System and method for detecting anomalous behaviors using a virtual machine environment |
US11637857B1 (en) | 2004-04-01 | 2023-04-25 | Fireeye Security Holdings Us Llc | System and method for detecting malicious traffic using a virtual machine configured with a select software environment |
US9591020B1 (en) | 2004-04-01 | 2017-03-07 | Fireeye, Inc. | System and method for signature generation |
US10511614B1 (en) | 2004-04-01 | 2019-12-17 | Fireeye, Inc. | Subscription based malware detection under management system control |
US10165000B1 (en) | 2004-04-01 | 2018-12-25 | Fireeye, Inc. | Systems and methods for malware attack prevention by intercepting flows of information |
US9516057B2 (en) | 2004-04-01 | 2016-12-06 | Fireeye, Inc. | Systems and methods for computer worm defense |
US10097573B1 (en) | 2004-04-01 | 2018-10-09 | Fireeye, Inc. | Systems and methods for malware defense |
US10567405B1 (en) | 2004-04-01 | 2020-02-18 | Fireeye, Inc. | System for detecting a presence of malware from behavioral analysis |
US9628498B1 (en) | 2004-04-01 | 2017-04-18 | Fireeye, Inc. | System and method for bot detection |
US9838411B1 (en) | 2004-04-01 | 2017-12-05 | Fireeye, Inc. | Subscriber based protection system |
US10068091B1 (en) | 2004-04-01 | 2018-09-04 | Fireeye, Inc. | System and method for malware containment |
US10027690B2 (en) | 2004-04-01 | 2018-07-17 | Fireeye, Inc. | Electronic message analysis for malware detection |
US10757120B1 (en) | 2004-04-01 | 2020-08-25 | Fireeye, Inc. | Malicious network content detection |
US11153341B1 (en) | 2004-04-01 | 2021-10-19 | Fireeye, Inc. | System and method for detecting malicious network content using virtual environment components |
US9282109B1 (en) | 2004-04-01 | 2016-03-08 | Fireeye, Inc. | System and method for analyzing packets |
US10284574B1 (en) | 2004-04-01 | 2019-05-07 | Fireeye, Inc. | System and method for threat detection and identification |
US11082435B1 (en) | 2004-04-01 | 2021-08-03 | Fireeye, Inc. | System and method for threat detection and identification |
US10587636B1 (en) | 2004-04-01 | 2020-03-10 | Fireeye, Inc. | System and method for bot detection |
US9306960B1 (en) | 2004-04-01 | 2016-04-05 | Fireeye, Inc. | Systems and methods for unauthorized activity defense |
US10623434B1 (en) | 2004-04-01 | 2020-04-14 | Fireeye, Inc. | System and method for virtual analysis of network data |
US9912684B1 (en) | 2004-04-01 | 2018-03-06 | Fireeye, Inc. | System and method for virtual analysis of network data |
US9838416B1 (en) | 2004-06-14 | 2017-12-05 | Fireeye, Inc. | System and method of detecting malicious content |
US9438622B1 (en) | 2008-11-03 | 2016-09-06 | Fireeye, Inc. | Systems and methods for analyzing malicious PDF network content |
US9954890B1 (en) | 2008-11-03 | 2018-04-24 | Fireeye, Inc. | Systems and methods for analyzing PDF documents |
US11381578B1 (en) | 2009-09-30 | 2022-07-05 | Fireeye Security Holdings Us Llc | Network-based binary file extraction and analysis for malware detection |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9792196B1 (en) | 2013-02-23 | 2017-10-17 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9225740B1 (en) | 2013-02-23 | 2015-12-29 | Fireeye, Inc. | Framework for iterative analysis of mobile software applications |
US9594905B1 (en) | 2013-02-23 | 2017-03-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using machine learning |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US10296437B2 (en) | 2013-02-23 | 2019-05-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9009822B1 (en) * | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US10929266B1 (en) | 2013-02-23 | 2021-02-23 | Fireeye, Inc. | Real-time visual playback with synchronous textual analysis log display and event/time indexing |
US10848521B1 (en) | 2013-03-13 | 2020-11-24 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US11210390B1 (en) | 2013-03-13 | 2021-12-28 | Fireeye Security Holdings Us Llc | Multi-version application support and registration within a single operating system environment |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US10025927B1 (en) | 2013-03-13 | 2018-07-17 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US10198574B1 (en) | 2013-03-13 | 2019-02-05 | Fireeye, Inc. | System and method for analysis of a memory dump associated with a potentially malicious content suspect |
US9641546B1 (en) | 2013-03-14 | 2017-05-02 | Fireeye, Inc. | Electronic device for aggregation, correlation and consolidation of analysis attributes |
US10200384B1 (en) | 2013-03-14 | 2019-02-05 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US10812513B1 (en) | 2013-03-14 | 2020-10-20 | Fireeye, Inc. | Correlation and consolidation holistic views of analytic data pertaining to a malware attack |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US10122746B1 (en) | 2013-03-14 | 2018-11-06 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of malware attack |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9973519B2 (en) | 2013-03-15 | 2018-05-15 | Shape Security, Inc. | Protecting a server computer by detecting the identity of a browser on a client computer |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US10701091B1 (en) | 2013-03-15 | 2020-06-30 | Fireeye, Inc. | System and method for verifying a cyberthreat |
US20160323297A1 (en) * | 2013-03-15 | 2016-11-03 | Intel Corporation | Method, apparatus, system, and computer readable medium for providing apparatus security |
US10205742B2 (en) | 2013-03-15 | 2019-02-12 | Shape Security, Inc. | Stateless web content anti-automation |
US10536479B2 (en) | 2013-03-15 | 2020-01-14 | Shape Security, Inc. | Code modification for automation detection |
US10193909B2 (en) | 2013-03-15 | 2019-01-29 | Shape Security, Inc. | Using instrumentation code to detect bots or malware |
US9923919B2 (en) | 2013-03-15 | 2018-03-20 | Shape Security, Inc. | Safe intelligent content modification |
US20140282832A1 (en) * | 2013-03-15 | 2014-09-18 | Intel Corporation | Method, apparatus, system, and computer readable medium for providing apparatus security |
US10091216B2 (en) * | 2013-03-15 | 2018-10-02 | Intel Corporation | Method, apparatus, system, and computer readable medium for providing apparatus security |
US9298911B2 (en) * | 2013-03-15 | 2016-03-29 | Intel Corporation | Method, apparatus, system, and computer readable medium for providing apparatus security |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US10469512B1 (en) | 2013-05-10 | 2019-11-05 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US10637880B1 (en) | 2013-05-13 | 2020-04-28 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US10356121B2 (en) * | 2013-05-31 | 2019-07-16 | Catbird Networks, Inc. | Systems and methods for dynamic network security control and configuration |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US10505956B1 (en) | 2013-06-28 | 2019-12-10 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9888019B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US20150089652A1 (en) * | 2013-07-15 | 2015-03-26 | Eset, Spol. S R. O. | Methods of detection of software exploitation |
US20150089653A1 (en) * | 2013-07-15 | 2015-03-26 | Eset, Spol. S R.O. | Methods of detection of software exploitation |
US10218740B1 (en) | 2013-09-30 | 2019-02-26 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US10657251B1 (en) | 2013-09-30 | 2020-05-19 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US10713362B1 (en) | 2013-09-30 | 2020-07-14 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US10735458B1 (en) | 2013-09-30 | 2020-08-04 | Fireeye, Inc. | Detection center to detect targeted malware |
US9910988B1 (en) | 2013-09-30 | 2018-03-06 | Fireeye, Inc. | Malware analysis in accordance with an analysis plan |
US11075945B2 (en) | 2013-09-30 | 2021-07-27 | Fireeye, Inc. | System, apparatus and method for reconfiguring virtual machines |
US9912691B2 (en) | 2013-09-30 | 2018-03-06 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
EP2881881B1 (en) * | 2013-12-05 | 2021-02-17 | McAfee, LLC | Machine-readable medium, method and system for detecting java sandbox escaping attacks based on java bytecode instrumentation and java method hooking |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9306974B1 (en) | 2013-12-26 | 2016-04-05 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US11089057B1 (en) | 2013-12-26 | 2021-08-10 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US10467411B1 (en) | 2013-12-26 | 2019-11-05 | Fireeye, Inc. | System and method for generating a malware identifier |
US10476909B1 (en) | 2013-12-26 | 2019-11-12 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9817638B2 (en) * | 2013-12-27 | 2017-11-14 | Symantec Corporation | Systems and methods for injecting code into an application |
US10740456B1 (en) | 2014-01-16 | 2020-08-11 | Fireeye, Inc. | Threat-aware architecture |
US10652275B2 (en) | 2014-01-20 | 2020-05-12 | Shape Security, Inc. | Management of calls to transformed operations and objects |
US10044753B2 (en) | 2014-01-20 | 2018-08-07 | Shape Security, Inc. | Intercepting and supervising calls to transformed operations and objects |
US10212137B1 (en) | 2014-01-21 | 2019-02-19 | Shape Security, Inc. | Blind hash compression |
US10554777B1 (en) | 2014-01-21 | 2020-02-04 | Shape Security, Inc. | Caching for re-coding techniques |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9916440B1 (en) | 2014-02-05 | 2018-03-13 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US10534906B1 (en) | 2014-02-05 | 2020-01-14 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US10432649B1 (en) | 2014-03-20 | 2019-10-01 | Fireeye, Inc. | System and method for classifying an object based on an aggregated behavior results |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US11068587B1 (en) | 2014-03-21 | 2021-07-20 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9684786B2 (en) * | 2014-03-27 | 2017-06-20 | International Business Machines Corporation | Monitoring an application in a process virtual machine |
US20150278511A1 (en) * | 2014-03-27 | 2015-10-01 | International Business Machines Corporation | Monitoring an application in a process virtual machine |
US9721092B2 (en) * | 2014-03-27 | 2017-08-01 | International Busines Machines Corporation | Monitoring an application in a process virtual machine |
US20150278515A1 (en) * | 2014-03-27 | 2015-10-01 | International Business Machines Corporation | Monitoring an application in a process virtual machine |
US11082436B1 (en) | 2014-03-28 | 2021-08-03 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9787700B1 (en) | 2014-03-28 | 2017-10-10 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US10454953B1 (en) | 2014-03-28 | 2019-10-22 | Fireeye, Inc. | System and method for separated packet processing and static analysis |
US11297074B1 (en) | 2014-03-31 | 2022-04-05 | FireEye Security Holdings, Inc. | Dynamically remote tuning of a malware content detection system |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US10341363B1 (en) | 2014-03-31 | 2019-07-02 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US11949698B1 (en) | 2014-03-31 | 2024-04-02 | Musarubra Us Llc | Dynamically remote tuning of a malware content detection system |
US10187408B1 (en) * | 2014-04-17 | 2019-01-22 | Shape Security, Inc. | Detecting attacks against a server computer based on characterizing user interactions with the client computing device |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US10757134B1 (en) | 2014-06-24 | 2020-08-25 | Fireeye, Inc. | System and method for detecting and remediating a cybersecurity attack |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US9661009B1 (en) | 2014-06-26 | 2017-05-23 | Fireeye, Inc. | Network-based malware detection |
US9838408B1 (en) | 2014-06-26 | 2017-12-05 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on direct communications between remotely hosted virtual machines and malicious web servers |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10089216B2 (en) | 2014-06-30 | 2018-10-02 | Shape Security, Inc. | Automatically determining whether a page of a web site is broken despite elements on the page that may change |
US11244056B1 (en) | 2014-07-01 | 2022-02-08 | Fireeye Security Holdings Us Llc | Verification of trusted threat-aware visualization layer |
US10333924B2 (en) | 2014-07-01 | 2019-06-25 | Shape Security, Inc. | Reliable selection of security countermeasures |
US20160021142A1 (en) * | 2014-07-17 | 2016-01-21 | Check Point Advanced Threat Prevention Ltd | Automatic content inspection system for exploit detection |
US9832215B2 (en) * | 2014-07-17 | 2017-11-28 | Check Point Advanced Threat Prevention Ltd | Automatic content inspection system for exploit detection |
US9672354B2 (en) | 2014-08-18 | 2017-06-06 | Bitdefender IPR Management Ltd. | Systems and methods for exposing a result of a current processor instruction upon exiting a virtual machine |
US10404725B1 (en) | 2014-08-22 | 2019-09-03 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10027696B1 (en) | 2014-08-22 | 2018-07-17 | Fireeye, Inc. | System and method for determining a threat based on correlation of indicators of compromise from other sources |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US9609007B1 (en) | 2014-08-22 | 2017-03-28 | Fireeye, Inc. | System and method of detecting delivery of malware based on indicators of compromise from different sources |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US10868818B1 (en) | 2014-09-29 | 2020-12-15 | Fireeye, Inc. | Systems and methods for generation of signature generation using interactive infection visualizations |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10366231B1 (en) | 2014-12-22 | 2019-07-30 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10902117B1 (en) | 2014-12-22 | 2021-01-26 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
CN107408176A (en) * | 2014-12-23 | 2017-11-28 | 迈克菲有限责任公司 | The execution of malicious objects dissects detection |
US9934380B2 (en) | 2014-12-23 | 2018-04-03 | Mcafee, Llc | Execution profiling detection of malicious objects |
WO2016105860A1 (en) * | 2014-12-23 | 2016-06-30 | Mcafee, Inc. | Execution profiling detection of malicious objects |
EP3238121A4 (en) * | 2014-12-23 | 2018-07-04 | McAfee, Inc. | Execution profiling detection of malicious objects |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US10528726B1 (en) | 2014-12-29 | 2020-01-07 | Fireeye, Inc. | Microvisor-based malware detection appliance architecture |
US11586733B2 (en) | 2014-12-30 | 2023-02-21 | British Telecommunications Public Limited Company | Malware detection |
US10798121B1 (en) | 2014-12-30 | 2020-10-06 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US10733295B2 (en) | 2014-12-30 | 2020-08-04 | British Telecommunications Public Limited Company | Malware detection in migrated virtual machines |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US10666686B1 (en) | 2015-03-25 | 2020-05-26 | Fireeye, Inc. | Virtualized exploit detection system |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US11294705B1 (en) | 2015-03-31 | 2022-04-05 | Fireeye Security Holdings Us Llc | Selective virtualization for security threat detection |
US9846776B1 (en) | 2015-03-31 | 2017-12-19 | Fireeye, Inc. | System and method for detecting file altering behaviors pertaining to a malicious attack |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US11868795B1 (en) | 2015-03-31 | 2024-01-09 | Musarubra Us Llc | Selective virtualization for security threat detection |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US10728263B1 (en) | 2015-04-13 | 2020-07-28 | Fireeye, Inc. | Analytic-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US10367903B2 (en) | 2015-05-21 | 2019-07-30 | Shape Security, Inc. | Security systems for mitigating attacks from a headless browser executing on a client computer |
US10798202B2 (en) | 2015-05-21 | 2020-10-06 | Shape Security, Inc. | Security systems for mitigating attacks from a headless browser executing on a client computer |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10567419B2 (en) | 2015-07-06 | 2020-02-18 | Shape Security, Inc. | Asymmetrical challenges for web security |
US10230718B2 (en) | 2015-07-07 | 2019-03-12 | Shape Security, Inc. | Split serving of computer code |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10887328B1 (en) | 2015-09-29 | 2021-01-05 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US11244044B1 (en) | 2015-09-30 | 2022-02-08 | Fireeye Security Holdings Us Llc | Method to detect application execution hijacking using memory protection |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US10873597B1 (en) | 2015-09-30 | 2020-12-22 | Fireeye, Inc. | Cyber attack early warning system |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10375026B2 (en) | 2015-10-28 | 2019-08-06 | Shape Security, Inc. | Web transaction status tracking |
US9842206B2 (en) * | 2015-10-29 | 2017-12-12 | International Business Machines Corporation | Using call stack snapshots to detect anomalous computer behavior |
US9817971B2 (en) * | 2015-10-29 | 2017-11-14 | International Business Machines Corporation | Using call stack snapshots to detect anomalous computer behavior |
US20170124324A1 (en) * | 2015-10-29 | 2017-05-04 | International Business Machines Corporation | Using call stack snapshots to detect anomalous computer behavior |
US20170124319A1 (en) * | 2015-10-29 | 2017-05-04 | International Business Machines Corporation | Using call stack snapshots to detect anomalous computer behavior |
US10834107B1 (en) | 2015-11-10 | 2020-11-10 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US11200080B1 (en) | 2015-12-11 | 2021-12-14 | Fireeye Security Holdings Us Llc | Late load technique for deploying a virtualization layer underneath a running operating system |
US20180373876A1 (en) * | 2015-12-24 | 2018-12-27 | British Telecommunications Public Limited Company | Software security |
US11201876B2 (en) | 2015-12-24 | 2021-12-14 | British Telecommunications Public Limited Company | Malicious software identification |
WO2017109129A1 (en) * | 2015-12-24 | 2017-06-29 | British Telecommunications Public Limited Company | Software security |
WO2017109128A1 (en) * | 2015-12-24 | 2017-06-29 | British Telecommunications Public Limited Company | Detecting malicious software |
US10839077B2 (en) * | 2015-12-24 | 2020-11-17 | British Telecommunications Public Limited Company | Detecting malicious software |
US20190347414A1 (en) * | 2015-12-24 | 2019-11-14 | British Telecommunications Public Limited Company | Detecting malicious software |
US10733296B2 (en) * | 2015-12-24 | 2020-08-04 | British Telecommunications Public Limited Company | Software security |
US10581898B1 (en) | 2015-12-30 | 2020-03-03 | Fireeye, Inc. | Malicious message analysis system |
US10341365B1 (en) | 2015-12-30 | 2019-07-02 | Fireeye, Inc. | Methods and system for hiding transition events for malware detection |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10872151B1 (en) | 2015-12-30 | 2020-12-22 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US10445502B1 (en) | 2015-12-31 | 2019-10-15 | Fireeye, Inc. | Susceptible environment detection system |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US20170201490A1 (en) * | 2016-01-08 | 2017-07-13 | Secureworks Holding Corporation | Systems and Methods for Secure Containerization |
US10659498B2 (en) | 2016-01-08 | 2020-05-19 | Secureworks Corp. | Systems and methods for security configuration |
US10116625B2 (en) * | 2016-01-08 | 2018-10-30 | Secureworks, Corp. | Systems and methods for secure containerization |
WO2017127850A1 (en) * | 2016-01-24 | 2017-07-27 | Hasan Syed Kamran | Computer security based on artificial intelligence |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10616266B1 (en) | 2016-03-25 | 2020-04-07 | Fireeye, Inc. | Distributed malware detection system and submission workflow thereof |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US11632392B1 (en) | 2016-03-25 | 2023-04-18 | Fireeye Security Holdings Us Llc | Distributed malware detection system and submission workflow thereof |
US11159549B2 (en) | 2016-03-30 | 2021-10-26 | British Telecommunications Public Limited Company | Network traffic threat identification |
US11194901B2 (en) | 2016-03-30 | 2021-12-07 | British Telecommunications Public Limited Company | Detecting computer security threats using communication characteristics of communication protocols |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US11936666B1 (en) | 2016-03-31 | 2024-03-19 | Musarubra Us Llc | Risk analyzer for ascertaining a risk of harm to a network and generating alerts regarding the ascertained risk |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US11240262B1 (en) | 2016-06-30 | 2022-02-01 | Fireeye Security Holdings Us Llc | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US11562076B2 (en) | 2016-08-16 | 2023-01-24 | British Telecommunications Public Limited Company | Reconfigured virtual machine to mitigate attack |
US11423144B2 (en) | 2016-08-16 | 2022-08-23 | British Telecommunications Public Limited Company | Mitigating security attacks in virtualized computing environments |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US11295021B2 (en) * | 2016-10-04 | 2022-04-05 | Hewlett-Packard Development Company, L.P. | Using a threat model to monitor host execution in a virtualized environment |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US11570211B1 (en) | 2017-03-24 | 2023-01-31 | Fireeye Security Holdings Us Llc | Detection of phishing attacks using similarity analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US11863581B1 (en) | 2017-03-30 | 2024-01-02 | Musarubra Us Llc | Subscription-based malware detection |
US10848397B1 (en) | 2017-03-30 | 2020-11-24 | Fireeye, Inc. | System and method for enforcing compliance with subscription requirements for cyber-attack detection service |
US11399040B1 (en) | 2017-03-30 | 2022-07-26 | Fireeye Security Holdings Us Llc | Subscription-based malware detection |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11637859B1 (en) | 2017-10-27 | 2023-04-25 | Mandiant, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11949692B1 (en) | 2017-12-28 | 2024-04-02 | Google Llc | Method and system for efficient cybersecurity analysis of endpoint events |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US11856011B1 (en) | 2018-03-30 | 2023-12-26 | Musarubra Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11882140B1 (en) | 2018-06-27 | 2024-01-23 | Musarubra Us Llc | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
CN111382440A (en) * | 2018-12-27 | 2020-07-07 | 北京奇虎科技有限公司 | CPU vulnerability detection method and system based on virtual machine |
CN111444508A (en) * | 2018-12-27 | 2020-07-24 | 北京奇虎科技有限公司 | CPU bug detection device and method based on virtual machine |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US11411805B1 (en) | 2021-07-12 | 2022-08-09 | Bank Of America Corporation | System and method for detecting root cause of an exception error in a task flow in a distributed network |
US20230195881A1 (en) * | 2021-12-16 | 2023-06-22 | Hewlett-Packard Development Company, L.P. | Virtual machines to install untrusted executable codes |
US11892937B2 (en) | 2022-02-28 | 2024-02-06 | Bank Of America Corporation | Developer test environment with containerization of tightly coupled systems |
US11438251B1 (en) | 2022-02-28 | 2022-09-06 | Bank Of America Corporation | System and method for automatic self-resolution of an exception error in a distributed network |
Also Published As
Publication number | Publication date |
---|---|
DE202013102179U1 (en) | 2013-08-01 |
CN103593608A (en) | 2014-02-19 |
RU2522019C1 (en) | 2014-07-10 |
RU2012156443A (en) | 2014-06-27 |
FR3000249B3 (en) | 2015-04-24 |
FR3000249A3 (en) | 2014-06-27 |
CN103593608B (en) | 2016-11-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8713631B1 (en) | System and method for detecting malicious code executed by virtual machine | |
Javaheri et al. | Detection and elimination of spyware and ransomware by intercepting kernel-level system routines | |
RU2531861C1 (en) | System and method of assessment of harmfullness of code executed in addressing space of confidential process | |
Cavallaro et al. | On the limits of information flow techniques for malware analysis and containment | |
RU2683152C1 (en) | Systems and methods of monitoring malware behavior to multiple objects of software | |
US8966624B2 (en) | System and method for securing an input/output path of an application against malware with a below-operating system security agent | |
EP3039608B1 (en) | Hardware and software execution profiling | |
US8925076B2 (en) | Application-specific re-adjustment of computer security settings | |
EP2691908B1 (en) | System and method for virtual machine monitor based anti-malware security | |
US9032525B2 (en) | System and method for below-operating system trapping of driver filter attachment | |
US20150163231A1 (en) | System and method for reducing load on an operating system when executing antivirus operations | |
EP2515250A1 (en) | System and method for detection of complex malware | |
US20130139264A1 (en) | Application sandboxing using a dynamic optimization framework | |
US10839052B2 (en) | Method and system of hardening applications against security attacks | |
CN110119619B (en) | System and method for creating anti-virus records | |
US20110219453A1 (en) | Security method and apparatus directed at removeable storage devices | |
McIntosh et al. | Dynamic user-centric access control for detection of ransomware attacks | |
CN105760787A (en) | System and method used for detecting malicious code of random access memory | |
Shan et al. | Enforcing mandatory access control in commodity OS to disable malware | |
Alzahrani et al. | Ransomware in windows and android platforms | |
Shila et al. | I can detect you: Using intrusion checkers to resist malicious firmware attacks | |
CN110348180B (en) | Application program starting control method and device | |
KR101288833B1 (en) | Method for preventing malicious code using office documents, and computer-readable recording medium for the same | |
Liu et al. | Binary exploitation in industrial control systems: Past, present and future | |
EP1902384B1 (en) | Securing network services using network action control lists |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: KASPERSKY LAB ZAO, RUSSIAN FEDERATION Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PAVLYUSHCHIK, MIKHAIL A.;REEL/FRAME:029817/0911 Effective date: 20130214 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: AO KASPERSKY LAB, RUSSIAN FEDERATION Free format text: CHANGE OF NAME;ASSIGNOR:KASPERSKY LAB ZAO;REEL/FRAME:036786/0655 Effective date: 20150625 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551) Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |